[snap] cannot save file under $HOME

Presumably this is a snapd policy and should be filed under snapd too? :)

I'm marking this as triaged but I'm unsure how to solve it as we don't want to allow write access to dot files in the home directory. Perhaps libreoffice could be updated to create a different pattern for temporary file names when under snap confinement?

Hello!

Ubuntu 18.04
libreoffice build ID: libreoffice-6.0.4.2-snap1

I find it weird that opening

* /home/<user>/.hidden/Document.odt DOES NOT WORK (access denied)
* /home/<user>/Documents/.hidden/Document.odt WORKS
* /home/<user>/myfolder/.hidden/Document.odt WORKS

Opening

* /home/<user>/.Hidden.odt DOES NOT WORK (access denied)

Opening

* /home/<user>/Document.odt DOES NOT WORK

 (LibreOffice complains that it can't create a lock file (which is a hidden file), and opens the document only read only)

Opening (non-hidden) documents directly in the home directory is intended to only work read-only?

Seems that accessing hidden files in the first level inside the home directory is denied.
The "home" interface for snaps doesn't allow reading/writing files to .dot directories directly under $HOME. This is to mitigate access to sensitive information. See https://docs.snapcraft.io/reference/interfaces.

We have several applications which access documents under /home/<user>/.hidden which now does not work any more. Of course I could move all the documents to /home/<user>/Documents/.hidden, but this would require all applications to be adjusted for that.

We also have libreoffice extensions which require accessing files in the .hidden directory.
If I move them to the documents directory I have to find out the path of it e.g. via "xdg-user-dir DOCUMENTS", but will that work inside the libreoffice extension with limited access?
I could create a directory with a known name directly in the home directory and put all the files into it, but this could confuse users if there is a directory which contains only a hidden directory.
Unhiding our .hidden directory could also confuse users as we store internal data there.

Any suggestions?

Regards,
Dominik

Proposed fix: https://git.launchpad.net/~libreoffice/+git/libreoffice-snap/commit/?id=0fffe04e069c2e334a00b238cebf150fd2644bac

As pointed out by Mike in a mailing list conversation (https://lists.freedesktop.org/archives/libreoffice/2018-July/080527.html), changing the lock filename pattern will invalidate the benefits of a cross-applications, cross-versions lock mechanism.

I'm wondering if it would work to ignore the failure to create a lock file instead (and warn the user appropriately).

Another occurrence caused by the same root problem: opening e.g. a PNG image file under $HOME/ with libreoffice draw causes the following dialog box to be shown:

  Document Could Not Be Locked

  The lock file could not be created for exclusive access by LibreOffice, due to missing permission to create a lock file on that file location or lack of free disk space.

  [Open Read-Only] [Cancel]

Can't open files , at home, with Libreoffice Writer from Snap.

Sherif, where are those files located, exactly?

Files are in ~/Documents.

Distributions: Ubuntu 18.10 & Kubuntu. Both are 64-bit.

This also applies to Firefox.

It seems no Snap package can access ~/.
I recently re-installed Ubuntu 18.10. On previous installation of Ubuntu 18.10, the problem didn't exist, so it may be due to a recent update.

I can't read bookmark JSON file in ~/Documents from Firefox also.

I fixed it. After installing Ubuntu, I copied data from another partition with `sudo cp -R...`.
Using `sudo chmod a+wrx -R /home/...` didn'r work.
Using `sudo chown ... -R /home/...` worked.

Status changed to 'Confirmed' because the bug affects multiple users.

I can confirm this with 19.04 (Disco Dingo) and libreoffice 6.2.5.2 latest updates. "Document could not be locked". Is this regression?

Hi Ulrich-Lorenz, no regression - the root issue has not yet been resolved.

Just installed LibreOffice 6.3.0.1 with no change.

I cannot open attachments in Evolution using Libreoffice in Disco.
I receive the error:
Access to /home/user/.cache/evolution/tmp/<redacted>.xlsx was denied.

Nikolaj, that's a separate issue. Snaps are not allowed to read files in dot folders under $HOME.

This issue also prevents importing CSV files stored in the user's home directory.

You need to come up with a way to allow snap applications to do *any* action the user explicitly initiates. Only automated dotfile access should be blocked.